Legal

Privacy Policy

Last updated: 16 May 2026  ·  Effective: 16 May 2026

Contents

  1. Who we are
  2. What data we collect
  3. How and why we use your data
  4. Legal basis for processing
  5. Who we share data with
  6. International transfers
  7. How long we keep your data
  8. Cookies and tracking
  9. Your rights
  10. Security
  11. Children's privacy
  12. Changes to this policy
  13. Contact us
Plain-language summary: BFT AI collects only the information you voluntarily provide (e.g. via the contact form). We use it solely to respond to your enquiry. We do not sell your data, we do not use it for advertising, and we retain it only as long as necessary. You can ask us to delete it at any time.

1. Who we are

BFT AI ("BFT AI", "we", "our" or "us") is the data controller responsible for your personal data as described in this Privacy Policy.

Our primary contact for privacy matters is:

2. What data we collect

We collect personal data only when you actively provide it to us. The categories of data we may collect include:

CategoryExamplesSource
Identity dataFirst name, last name, job titleContact form
Contact dataBusiness email address, phone numberContact form
Organisational dataCompany name, company size, countryContact form
Communication dataMessage content, enquiry typeContact form
Technical dataIP address, browser type, page visitedServer logs (Netlify)

We do not collect sensitive personal data (health, biometric, financial account details, or special category data under GDPR Article 9).

3. How and why we use your data

We process your personal data for the following purposes:

  • Responding to enquiries: To answer questions submitted via the contact form and connect you with the relevant expert.
  • Scheduling demos or calls: To arrange product demonstrations or consultations at your request.
  • Service delivery: If you become a customer, to manage your account and provide the BFT AI platform.
  • Security and fraud prevention: To detect and prevent malicious or abusive submissions.
  • Legal obligations: To comply with applicable laws and regulations.

We do not use your data for unsolicited marketing, behavioural advertising, or profiling, without your explicit prior consent.

4. Legal basis for processing (GDPR)

Where the General Data Protection Regulation (EU) 2016/679 applies, we rely on the following legal bases:

PurposeLegal basis
Responding to contact form enquiriesConsent (Article 6(1)(a)) — you tick the consent checkbox
Providing contracted servicesContract performance (Article 6(1)(b))
Security and fraud preventionLegitimate interests (Article 6(1)(f))
Legal and regulatory complianceLegal obligation (Article 6(1)(c))

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. To withdraw consent, email hello@bft-ai.com.

5. Who we share data with

We do not sell, rent or trade your personal data. We may share it only with:

  • Netlify, Inc. — our website hosting and form processing provider. Netlify processes form submissions on our behalf and is bound by GDPR-compliant data processing terms. See Netlify's Privacy Policy.
  • Internal team members — only the staff who need access to respond to your enquiry.
  • Legal authorities — where required by law, court order or regulatory obligation.

Any third-party service providers we engage are required to process data only on our documented instructions and implement appropriate security measures.

6. International data transfers

Our website is hosted on Netlify's infrastructure, which may involve transferring data to servers located in the United States. Where such transfers occur, we ensure they are protected by appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission, or
  • An adequacy decision by the European Commission.

You may request a copy of the relevant safeguards by contacting us at hello@bft-ai.com.

7. How long we keep your data

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

Data typeRetention period
Contact form submissions (no contract formed)12 months from submission, or until you request deletion
Customer account dataDuration of the contract + 3 years
Server / security logs90 days
Legal and financial recordsAs required by applicable law (typically 5–10 years)

After the applicable retention period, data is securely deleted or anonymised.

8. Cookies and tracking

The BFT AI website currently uses no third-party analytics cookies and no advertising or tracking pixels. We do not use Google Analytics, Meta Pixel, or similar services.

Netlify may set essential session cookies required for website functionality and security. These cookies do not track you across third-party sites and are not used for advertising.

If we introduce additional cookies in the future, we will update this policy and request your consent where required by law.

9. Your rights

Depending on your country of residence, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise any of these rights, contact us at hello@bft-ai.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are located in the European Economic Area, you may also lodge a complaint with your national supervisory authority. In Turkey, you may contact the Kişisel Verileri Koruma Kurumu (KVKK) at kvkk.gov.tr.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration or destruction. These measures include:

  • TLS 1.3 encryption for all data in transit
  • Honeypot and time-based bot detection on web forms
  • Access controls limiting data to authorised personnel only
  • Regular review of data processing practices

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's privacy

BFT AI is a business-to-business (B2B) service intended solely for use by professionals and organisations. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has submitted data to us, please contact us immediately at hello@bft-ai.com and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will indicate the "Last updated" date at the top of this page. For material changes, we will notify you via the email address on file (where applicable) or by placing a prominent notice on our website.

We encourage you to review this policy periodically.

13. Contact us

For any privacy-related questions, requests, or concerns, please contact us:

We aim to respond to all legitimate requests within 30 calendar days. For complex requests, we may need up to 90 days and will notify you accordingly.